The IESG has approved the following document: - 'LDP Hello Cryptographic Authentication' (draft-ietf-mpls-ldp-hello-crypto-auth-10.txt) as Proposed Standard This document is the product of the Multiprotocol Label Switching Working Group. The IESG contact persons are Adrian Farrel and Alia Atlas. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-mpls-ldp-hello-crypto-auth/ Technical Summary This document introduces a new optional Cryptographic Authentication TLV that LDP can use to secure its Hello messages. It secures the Hello messages against spoofing attacks and some well known attacks against the IP header. This document describes a mechanism to secure the LDP Hello messages using National Institute of Standards and Technology (NIST) Secure Hash Standard family of algorithms. Working Group Summary Taking a mostly security document through a working group like MPLS is a bit tricky. Most of the participants do not have there focus on security issues. While a large majority agree that the security work has a huge value, it is often not highest on the priority list for the average MPLS participant. Securing routing protocols, like LDP, started with a analysis done by the KARP working group. KARP pointed to the UDP based Hello messages as a potential risk. The current draft has been developed by the MPLS working group and reviewed by KARP during WGLC. The comments from people active in KARP have been very valuable. Document Quality Currently we do not know of existing implementations of this draft, The SecDir review from Yaron Sheffer took a while to resolve, but has improved the document. Personnel Adrian Farrel is the Responsible AD Loa Andersson is the Document Shepherd.
